Support Questions

Find answers, ask questions, and share your expertise

how to drop "ranger.usersync.ldap.ldapbindpassword" using config.sh script

avatar
Expert Contributor

I am trying to automate ranger ldap integration. I am stuck at on how to drop "ranger.usersync.ldap.ldapbindpassword" value using ambari "config.sh" script ?

Can you please guide on how to achieve this ?

I tried to check in working cluster which has ranger ldap integrated and the output is as below -

# ./configs.sh -u admin -p admin -port 8080  get `hostname` hdptest ranger-ugsync-site |grep ldapbind
"ranger.usersync.ldap.ldapbindpassword" : "SECRET:ranger-ugsync-site:11:ranger.usersync.ldap.ldapbindpassword",

Not sure how the password is stored or taken in the value.

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Sagar Shimpi

Not sure if i understood the query correctly... But i tried this

1. Get the "ranger-ugsync-site" config as following using "action=get"

# /var/lib/ambari-server/resources/scripts/configs.py --user=admin --password=admin --port=8080 --action=get --host=localhost --cluster=plain_ambari --config-type=ranger-ugsync-site --file=/tmp/ranger-ugsync-site_payload.json

2. Edited the file "/tmp/ranger-ugsync-site_payload.json" and changed the value of property "ranger.usersync.ldap.ldapbindpassword" in clear text like "ABCD..blah..blah"

3. set this file back using the following command. (action=set)

# /var/lib/ambari-server/resources/scripts/configs.py --user=admin --password=admin --port=8080 --action=set --host=localhost --cluster=plain_ambari --config-type=ranger-ugsync-site --file=/tmp/ranger-ugsync-site_payload.json

.

Done.

In order to verify the password was set correctly or not i then tried to get the value again:

#  /var/lib/ambari-server/resources/scripts/configs.py --user=admin --password=admin --port=8080 --action=get --host=localhost --cluster=plain_ambari --config-type=ranger-ugsync-site | grep 'ldapbindpassword'

  "ranger.usersync.ldap.ldapbindpassword": "SECRET:ranger-ugsync-site:3:ranger.usersync.ldap.ldapbindpassword",

.

View solution in original post

3 REPLIES 3

avatar
Expert Contributor

avatar
Master Mentor

@Sagar Shimpi

Not sure if i understood the query correctly... But i tried this

1. Get the "ranger-ugsync-site" config as following using "action=get"

# /var/lib/ambari-server/resources/scripts/configs.py --user=admin --password=admin --port=8080 --action=get --host=localhost --cluster=plain_ambari --config-type=ranger-ugsync-site --file=/tmp/ranger-ugsync-site_payload.json

2. Edited the file "/tmp/ranger-ugsync-site_payload.json" and changed the value of property "ranger.usersync.ldap.ldapbindpassword" in clear text like "ABCD..blah..blah"

3. set this file back using the following command. (action=set)

# /var/lib/ambari-server/resources/scripts/configs.py --user=admin --password=admin --port=8080 --action=set --host=localhost --cluster=plain_ambari --config-type=ranger-ugsync-site --file=/tmp/ranger-ugsync-site_payload.json

.

Done.

In order to verify the password was set correctly or not i then tried to get the value again:

#  /var/lib/ambari-server/resources/scripts/configs.py --user=admin --password=admin --port=8080 --action=get --host=localhost --cluster=plain_ambari --config-type=ranger-ugsync-site | grep 'ldapbindpassword'

  "ranger.usersync.ldap.ldapbindpassword": "SECRET:ranger-ugsync-site:3:ranger.usersync.ldap.ldapbindpassword",

.

avatar
Expert Contributor

@Jay Kumar SenSharma It worked. thanks you alot for quick help.